diff --git a/src/Appwrite/Platform/Action.php b/src/Appwrite/Platform/Action.php
index 056a33b320..5699a67ff2 100644
--- a/src/Appwrite/Platform/Action.php
+++ b/src/Appwrite/Platform/Action.php
@@ -2,6 +2,8 @@
 namespace Appwrite\Platform;
+use Appwrite\Utopia\Request;
+use Appwrite\Utopia\Response;
 use Swoole\Coroutine as Co;
 use Utopia\CLI\Console;
 use Utopia\Database\Database;
@@ -157,4 +159,45 @@ class Action extends UtopiaAction
 Console::info("[" . DateTime::now() . "] " . $method . ' ' . $type . ' ' . $project->getSequence() . ' ' . $project->getId() . ' ' . $collectionId . ' ' . $log);
 }
 }
+
+
+ /**
+ * Helper to apply (request) select queries to response model.
+ *
+ * This prevents default values of rules to be presnet for not-selected attributes
+ *
+ * @param Request $request
+ * @param Document $document
+ * @return void
+ */
+ public function applySelectQueries(Request $request, Response $response, string $model): void
+ {
+ $queries = $request->getParam('queries', []);
+
+ $queries = Query::parseQueries($queries);
+ $selectQueries = Query::groupByType($queries)['selections'] ?? [];
+
+ // No select queries means no filtering out
+ if (empty($selectQueries)) {
+ return;
+ }
+
+ $attributes = [];
+ foreach ($selectQueries as $query) {
+ foreach ($query->getValues() as $attribute) {
+ $attributes[] = $attribute;
+ }
+ }
+
+ $responseModel = $response->getModel($model);
+ foreach ($responseModel->getRules() as $ruleName => $rule) {
+ if (\str_starts_with($ruleName, '$')) {
+ continue;
+ }
+
+ if (!\in_array($ruleName, $attributes)) {
+ $responseModel->removeRule($ruleName);
+ }
+ }
+ }
 }
diff --git a/src/Appwrite/Platform/Modules/Compute/Base.php b/src/Appwrite/Platform/Modules/Compute/Base.php
index e58f2b8664..92805fbaf8 100644
--- a/src/Appwrite/Platform/Modules/Compute/Base.php
+++ b/src/Appwrite/Platform/Modules/Compute/Base.php
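Review bot: applySelectQueries() removes rules directly on the object returned by `$response->getModel($model)`, so the trimming lasts as long as that model instance does, not just for this response. If the instance is shared beyond one request (not visible here; the file already imports Swoole coroutines, which suggests long-lived workers), a later list call without a select would silently lose fields, and the now-public `Model::removeRule()` in Response/Model.php makes that mutation reachable from any action, including the two XList call sites; filtering a per-request copy of the model would avoid it. The membership test should be strict, `if (!\in_array($ruleName, $attributes, true)) {`. The docblock still names `@param Document $document` while the signature takes `Response $response, string $model`, and "presnet" should read "present".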
@@ -4,6 +4,7 @@ namespace Appwrite\Platform\Modules\Compute;
 use Appwrite\Event\Build;
 use Appwrite\Extend\Exception;
+use Appwrite\Platform\Action;
 use Utopia\Database\Database;
 use Utopia\Database\Document;
 use Utopia\Database\Exception\Duplicate;
@@ -11,7 +12,6 @@ use Utopia\Database\Helpers\ID;
 use Utopia\Database\Helpers\Permission;
 use Utopia\Database\Helpers\Role;
 use Utopia\Database\Validator\Authorization;
-use Utopia\Platform\Action;
 use Utopia\Swoole\Request;
 use Utopia\System\System;
 use Utopia\VCS\Adapter\Git\GitHub;
diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Deployments/XList.php b/src/Appwrite/Platform/Modules/Functions/Http/Deployments/XList.php
index 996df299d0..2850c5b279 100644
--- a/src/Appwrite/Platform/Modules/Functions/Http/Deployments/XList.php
+++ b/src/Appwrite/Platform/Modules/Functions/Http/Deployments/XList.php
@@ -3,10 +3,12 @@
 namespace Appwrite\Platform\Modules\Functions\Http\Deployments;
 use Appwrite\Extend\Exception;
+use Appwrite\Platform\Modules\Compute\Base;
 use Appwrite\SDK\AuthType;
 use Appwrite\SDK\Method;
 use Appwrite\SDK\Response as SDKResponse;
 use Appwrite\Utopia\Database\Validator\Queries\Deployments;
+use Appwrite\Utopia\Request;
 use Appwrite\Utopia\Response;
 use Utopia\Database\Database;
 use Utopia\Database\Document;
@@ -19,7 +21,7 @@ use Utopia\Platform\Action;
 use Utopia\Platform\Scope\HTTP;
 use Utopia\Validator\Text;
-class XList extends Action
+class XList extends Base
 {
 use HTTP;
@@ -55,6 +57,7 @@ class XList extends Action
 ->param('functionId', '', new UID(), 'Function ID.')
 ->param('queries', [], new Deployments(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Deployments::ALLOWED_ATTRIBUTES), true)
 ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)
+ ->inject('request')
 ->inject('response')
 ->inject('dbForProject')
 ->callback($this->action(...));
@@ -64,6 +67,7 @@ class XList extends Action
 string $functionId,
 array $queries,
 string $search,
+ Request $request,
 Response $response,
 Database $dbForProject
 ) {
@@ -121,6 +125,7 @@ class XList extends Action
 throw new Exception(Exception::DATABASE_QUERY_ORDER_NULL, "The order attribute '{$e->getAttribute()}' had a null value. Cursor pagination requires all documents order attribute values are non-null.");
 }
+ $this->applySelectQueries($request, $response, Response::MODEL_DEPLOYMENT);
 $response->dynamic(new Document([
 'deployments' => $results,
 'total' => $total,
diff --git a/src/Appwrite/Platform/Modules/Sites/Http/Deployments/XList.php b/src/Appwrite/Platform/Modules/Sites/Http/Deployments/XList.php
index a1a79ec155..436cd69b52 100644
--- a/src/Appwrite/Platform/Modules/Sites/Http/Deployments/XList.php
+++ b/src/Appwrite/Platform/Modules/Sites/Http/Deployments/XList.php
@@ -3,10 +3,12 @@
 namespace Appwrite\Platform\Modules\Sites\Http\Deployments;
 use Appwrite\Extend\Exception;
+use Appwrite\Platform\Modules\Compute\Base;
 use Appwrite\SDK\AuthType;
 use Appwrite\SDK\Method;
 use Appwrite\SDK\Response as SDKResponse;
 use Appwrite\Utopia\Database\Validator\Queries\Deployments;
+use Appwrite\Utopia\Request;
 use Appwrite\Utopia\Response;
 use Utopia\Database\Database;
 use Utopia\Database\Document;
@@ -19,7 +21,7 @@ use Utopia\Platform\Action;
 use Utopia\Platform\Scope\HTTP;
 use Utopia\Validator\Text;
-class XList extends Action
+class XList extends Base
 {
 use HTTP;
@@ -55,13 +57,20 @@ class XList extends Action
 ->param('siteId', '', new UID(), 'Site ID.')
 ->param('queries', [], new Deployments(), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/queries). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' queries are allowed, each ' . APP_LIMIT_ARRAY_ELEMENT_SIZE . ' characters long. You may filter on the following attributes: ' . implode(', ', Deployments::ALLOWED_ATTRIBUTES), true)
 ->param('search', '', new Text(256), 'Search term to filter your list results. Max length: 256 chars.', true)
+ ->inject('request')
 ->inject('response')
 ->inject('dbForProject')
 ->callback($this->action(...));
 }
- public function action(string $siteId, array $queries, string $search, Response $response, Database $dbForProject)
- {
+ public function action(
+ string $siteId,
+ array $queries,
+ string $search,
+ Request $request,
+ Response $response,
+ Database $dbForProject
+ ) {
 $site = $dbForProject->getDocument('sites', $siteId);
 if ($site->isEmpty()) {
@@ -116,6 +125,7 @@ class XList extends Action
 throw new Exception(Exception::DATABASE_QUERY_ORDER_NULL, "The order attribute '{$e->getAttribute()}' had a null value. Cursor pagination requires all documents order attribute values are non-null.");
 }
+ $this->applySelectQueries($request, $response, Response::MODEL_DEPLOYMENT);
 $response->dynamic(new Document([
 'deployments' => $results,
 'total' => $total,
diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Base.php b/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
index 1c5dec44dd..9d9bbde00b 100644
--- a/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
+++ b/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
@@ -11,6 +11,7 @@ use Utopia\Database\Validator\Query\Filter;
 use Utopia\Database\Validator\Query\Limit;
 use Utopia\Database\Validator\Query\Offset;
 use Utopia\Database\Validator\Query\Order;
+use Utopia\Database\Validator\Query\Select;
 class Base extends Queries
 {
@@ -40,41 +41,51 @@ class Base extends Queries
 $allowedAttributesLookup[$attribute] = true;
 }
+ $allAttributes = [];
 $attributes = [];
 foreach ($collection['attributes'] as $attribute) {
 $key = $attribute['$id'];
- if (!isset($allowedAttributesLookup[$key])) {
- continue;
- }
-
- $attributes[] = new Document([
+ $attributeDocument = new Document([
 'key' => $key,
 'type' => $attribute['type'],
 'array' => $attribute['array'],
 ]);
+
+ $allAttributes[] = $attributeDocument;
+
+ if (isset($allowedAttributesLookup[$key])) {
+ $attributes[] = $attributeDocument;
+ }
 }
- $attributes[] = new Document([
- 'key' => '$id',
- 'type' => Database::VAR_STRING,
- 'array' => false,
- ]);
- $attributes[] = new Document([
- 'key' => '$createdAt',
- 'type' => Database::VAR_DATETIME,
- 'array' => false,
- ]);
- $attributes[] = new Document([
- 'key' => '$updatedAt',
- 'type' => Database::VAR_DATETIME,
- 'array' => false,
- ]);
- $attributes[] = new Document([
- 'key' => '$sequence',
- 'type' => Database::VAR_INTEGER,
- 'array' => false,
- ]);
+ $internalAttributes = [
+ new Document([
+ 'key' => '$id',
+ 'type' => Database::VAR_STRING,
+ 'array' => false,
+ ]),
+ new Document([
+ 'key' => '$createdAt',
+ 'type' => Database::VAR_DATETIME,
+ 'array' => false,
+ ]),
+ new Document([
+ 'key' => '$updatedAt',
+ 'type' => Database::VAR_DATETIME,
+ 'array' => false,
+ ]),
+ new Document([
+ 'key' => '$sequence',
+ 'type' => Database::VAR_INTEGER,
+ 'array' => false,
+ ])
+ ];
+
+ foreach ($internalAttributes as $attribute) {
+ $attributes[] = $attribute;
+ $allAttributes[] = $attribute;
+ }
 $validators = [
 new Limit(),
@@ -84,6 +95,15 @@ class Base extends Queries
 new Order($attributes),
 ];
+ if ($this->isSelectQueryAllowed()) {
+ $validators[] = new Select($allAttributes);
+ }
+
 parent::__construct($validators);
 }
+
+ public function isSelectQueryAllowed(): bool
+ {
+ return false;
+ }
 }
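Review bot: `new Select($allAttributes)` accepts every attribute in the collection config, not only the ones in `$allowedAttributes`, so a select can name fields that the filter and order validators deliberately exclude. That is only safe while each opted-in endpoint still passes its documents through a response model that omits anything not meant for clients, and nothing in this hunk states that assumption. I would record it next to the validator, e.g. `// Select may name any collection attribute; exposure is bounded by the endpoint's response model`, and give `isSelectQueryAllowed()` a docblock saying subclasses should return true only when their endpoint applies the selection to its response model. The constructor body starts above the first hunk.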
diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Deployments.php b/src/Appwrite/Utopia/Database/Validator/Queries/Deployments.php
index 73631ecfb8..6348e69cd9 100644
--- a/src/Appwrite/Utopia/Database/Validator/Queries/Deployments.php
+++ b/src/Appwrite/Utopia/Database/Validator/Queries/Deployments.php
@@ -22,4 +22,9 @@ class Deployments extends Base
 {
 parent::__construct('deployments', self::ALLOWED_ATTRIBUTES);
 }
+
+ public function isSelectQueryAllowed(): bool
+ {
+ return true;
+ }
 }
diff --git a/src/Appwrite/Utopia/Response.php b/src/Appwrite/Utopia/Response.php
index cec275869a..e0ca38587d 100644
--- a/src/Appwrite/Utopia/Response.php
+++ b/src/Appwrite/Utopia/Response.php
@@ -402,7 +402,7 @@ class Response extends SwooleResponse
 /**
 * Response constructor.
 *
- * @param float $time
+ * @param SwooleHTTPResponse $response Native response to be passed to parent constructor
 */
 public function __construct(SwooleHTTPResponse $response)
 {
diff --git a/src/Appwrite/Utopia/Response/Model.php b/src/Appwrite/Utopia/Response/Model.php
index 962da4834c..80c2c4d620 100644
--- a/src/Appwrite/Utopia/Response/Model.php
+++ b/src/Appwrite/Utopia/Response/Model.php
@@ -44,6 +44,7 @@ abstract class Model
 /**
 * Filter Document Structure
+ * @param Document $document Document to apply filter on
 *
 * @return Document
 */
@@ -105,7 +106,7 @@ abstract class Model
 * @param string $key
 * @return Model
 */
- protected function removeRule(string $key): self
+ public function removeRule(string $key): self
 {
 if (isset($this->rules[$key])) {
 unset($this->rules[$key]);
diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
index 220ffb3cdb..0d63791151 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php
@@ -721,6 +721,30 @@ class FunctionsCustomServerTest extends Scope
 $this->assertEquals($deployments['headers']['status-code'], 200);
 $this->assertCount(1, $deployments['body']['deployments']);
+ $deployments = $this->listDeployments($functionId, [
+ 'queries' => [
+ Query::select(['status'])->toString(),
+ ],
+ ]);
+
+ $this->assertEquals($deployments['headers']['status-code'], 200);
+ $this->assertArrayHasKey('status', $deployments['body']['deployments'][0]);
+ $this->assertArrayHasKey('status', $deployments['body']['deployments'][1]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][0]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][1]);
+
+ // Extra select query check, for attribute not allowed by filter queries
+ $deployments = $this->listDeployments($functionId, [
+ 'queries' => [
+ Query::select(['buildLogs'])->toString(),
+ ],
+ ]);
+ $this->assertEquals($deployments['headers']['status-code'], 200);
+ $this->assertArrayHasKey('buildLogs', $deployments['body']['deployments'][0]);
+ $this->assertArrayHasKey('buildLogs', $deployments['body']['deployments'][1]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][0]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][1]);
+
 $deployments = $this->listDeployments($functionId, [
 'queries' => [
 Query::offset(1)->toString(),
diff --git a/tests/e2e/Services/Sites/SitesCustomServerTest.php b/tests/e2e/Services/Sites/SitesCustomServerTest.php
index ac1aab21ce..d28e2fe8b4 100644
--- a/tests/e2e/Services/Sites/SitesCustomServerTest.php
+++ b/tests/e2e/Services/Sites/SitesCustomServerTest.php
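Review bot: The new assertions read `['deployments'][1]` without first checking how many deployments came back, so a shorter list fails with an undefined-key error rather than a clear assertion message; add `$this->assertGreaterThanOrEqual(2, \count($deployments['body']['deployments']));` after each status check. There is also no check that a later listing without a select query returns `sourceSize` again, which is the regression to guard if rule removal on the response model ever outlives the request. The offset listing that follows (its assertions are outside the hunk) could assert `$this->assertArrayHasKey('sourceSize', $deployments['body']['deployments'][0]);`. Both points apply equally to the matching hunk in SitesCustomServerTest.php.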
@@ -1052,6 +1052,30 @@ class SitesCustomServerTest extends Scope
 $this->assertEquals($deployments['headers']['status-code'], 200);
 $this->assertCount(1, $deployments['body']['deployments']);
+ $deployments = $this->listDeployments($siteId, [
+ 'queries' => [
+ Query::select(['status'])->toString(),
+ ],
+ ]);
+
+ $this->assertEquals($deployments['headers']['status-code'], 200);
+ $this->assertArrayHasKey('status', $deployments['body']['deployments'][0]);
+ $this->assertArrayHasKey('status', $deployments['body']['deployments'][1]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][0]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][1]);
+
+ // Extra select query check, for attribute not allowed by filter queries
+ $deployments = $this->listDeployments($siteId, [
+ 'queries' => [
+ Query::select(['buildLogs'])->toString(),
+ ],
+ ]);
+ $this->assertEquals($deployments['headers']['status-code'], 200);
+ $this->assertArrayHasKey('buildLogs', $deployments['body']['deployments'][0]);
+ $this->assertArrayHasKey('buildLogs', $deployments['body']['deployments'][1]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][0]);
+ $this->assertArrayNotHasKey('sourceSize', $deployments['body']['deployments'][1]);
+
 $deployments = $this->listDeployments($siteId, [
 'queries' => [
 Query::offset(1)->toString(),
diff --git a/tests/e2e/Services/Users/UsersBase.php b/tests/e2e/Services/Users/UsersBase.php
index 0aa5784930..2cf1e4c65d 100644
--- a/tests/e2e/Services/Users/UsersBase.php
+++ b/tests/e2e/Services/Users/UsersBase.php
@@ -445,6 +445,19 @@ trait UsersBase
 $user1 = $response['body']['users'][1];
+ // This test ensures that by default, endpoints dont support select queries
+ // If we add select query to this endpoint, you will need to remove this test
+ // Please make sure to add it to another place, unless all endpoints support select queries
+ $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'queries' => [
+ Query::select(['name'])->toString()
+ ]
+ ]);
+ $this->assertEquals($response['headers']['status-code'], 400);
+
 $response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
 'content-type' => 'application/json',
 'x-appwrite-project' => $this->getProject()['$id'],